Resumen del rol

Application Security Engineer

Requisitos y responsabilidades

Contenido del rol extraído en secciones para revisar más rápido.

In this role, you will:

  • Review, test, and monitor our applications to identify security weaknesses
  • Manage vulnerabilities from discovery through remediation, working directly with engineering teams to resolve them
  • Respond to infrastructure security alerts and perform hardening, including reviewing roles and permissions across services and APIs
  • Participate in incident response and root cause analysis
  • Analyze and monitor relevant security threats and prevention measures based on industry trends and standards
  • Partner with product, development, and infrastructure teams to embed security requirements into how they build
  • Integrate and operate automated security testing across the development lifecycle, including SAST, DAST, SCA, secrets detection, container, and supply chain security
  • Develop security automation and tooling to scale security across engineering
  • Drive threat modeling and secure-by-design practices across our services
  • Assess our overall security posture and identify risks, providing recommendations to strengthen it
  • Assist in addressing emergent threats in AI security as PandaDoc deploys AI in its product and for internal use

Our stack:

  • Service-oriented architecture
  • Main development stacks: Java/Spring, Python/Django, JavaScript/React
  • Docker, Kubernetes
  • Amazon Web Services: EKS, RDS, S3, ElastiCache, etc.
  • Monitoring stack: Grafana, Loki, Tempo, Mimir
  • Source control & CI/CD: GitHub / GitHub Actions
  • A combination of AWS native and 3rd party security solutions for infrastructure and application security (WAF, CNAPP, SCA/SAST, DAST, IDS/IPS, etc.)

About you:

  • 3+ years of experience with application security tools such as SAST/SCA, DAST, WAF, CI/CD security, and penetration testing
  • 2+ years of cloud security experience implementing security controls and best practices in AWS, GCP, or Microsoft Azure
  • Strong background in web application security, including common vulnerability classes (OWASP Top 10, CWE Top 25), attack vectors, and mitigations
  • Good understanding of access control and identity management principles (SAML 2.0, OAuth, OIDC, JWT, etc.)
  • Practical skills building security automation and tooling with Python, Bash, or equivalent languages
  • Experience implementing DevSecOps practices across the SDLC
  • Familiarity with containerized, Kubernetes-based environments and their security
  • Solid interpersonal, written, and verbal communication skills
  • Upper-Intermediate English level (B2+)

Benefits:

  • A competitive salary. If you are located in Poland, the salary range is 222000 to 334000 PLN annually.
  • An honest, open culture that emphasizes feedback and promotes professional and personal development
  • An opportunity to work from anywhere — our team is distributed worldwide, from Lisbon to Manila, from Florida to California
  • 6 self care days
  • And much more!
Roles similares

Mantén una lista de respaldo.

Ver stack
FocoApplication SecurityÁrea del rol
Señal de seniorityMiddleNivel del candidato
StackAWS, Azure, CI/CDSkills principales
Ubicación2 países aceptadosElegibilidad

Stack

Usa estas tags para comparar roles remotos similares.

Elegibilidad de ubicación

Candidatos deberían aplicar solo cuando el país del perfil aparece aquí.

Tu perfilPaís no definidoInicia sesión para comparar tu país con este rol.

Flujo de contratación

WithMira muestra el rol y luego envía candidatos a la aplicación de la empresa.

1Revisa fit del rol, stack y elegibilidad de ubicación en WithMira.
2Abre la página de aplicación de la empresa desde el link rastreado.
3Guarda el rol o suscríbete a oportunidades similares antes de salir.